“The best things in life are free” – sang Janet Jackson who clearly didn’t know the dangers of free Wi-Fi networks. One such unseen danger is called an evil twin attack. Not unlike its namesake, this attack also wishes to cause chaos and misery, but in a little more subtle fashion. So, let’s find out what it is, how it works, and how we can protect ourselves against it.

In short: What is an evil twin attack?

An evil twin attack is when a malicious person sets up a fake access point usually made to look like a public Wi-Fi network. During an evil twin attack, a hacker tricks victims, and they log in to a stolen and insecure form of WiFi. Once the victims connect, the hacker can see everything they do online. Setting up an evil twin network is remarkably easy. Several off-the-shelf products allow anyone to become a hacker, including people who don't know anything about computers or programming.

Evil twin attacks, step by step

Hackers need impatient web users to pull off an evil twin attack. Unfortunately, plenty of us fall into this category. When we go into a public space, such as a library or a coffee shop, we expect that establishment to offer free and fast WiFi. In fact, reporters even rank businesses by their connection speeds. But that speed and convenience come with a cost. Hackers can quickly take over a safe-seeming WiFi connection and see (or steal) anything users do online. An attack typically works like this:
Customer participation is critical in an evil twin WiFi attack. And unfortunately, only about half of all consumers think they're responsible for securing their data on a public WiFi account. Most think the companies that offer connections will protect them. The companies may disagree.

Evil twin attacks: 2 examples

Why would someone want to sit between customers and websites? Let's walk through two examples of how hackers might use data like this. Let's imagine a hacker sitting inside a connection at a local coffee shop:
Let's imagine another version of this same attack.
An attack like this can be remarkably profitable. And it's almost impossible for victims to spot the problems as they unfold.

Prevent the next attack

More than 80 percent of people will connect to any WiFi network available to them when they're out and about. If you're part of this population, it's time for a new strategy. The quickest and easiest way to stay safe is to avoid any public WiFi connection. Rely on your own cell service or wait until you're at home or in your office to connect. If you must connect via public WiFi, follow these three steps:
Evil twin attacks are just one method hackers might use to steal your data. IP spoofing attacks are just as dangerous, and they're also hard to spot. Find out more about them, and how Okta can protect you, in this blog post.

References

The 16 Chains With the Best Free Wi-Fi, Ranked. (October 2016). CNET.
Most People Unaware of the Risks of Using Public Wi-Fi. (June 2016). CNBC.
Report: 82 Percent of People Say They Connect to Any Free WiFi That's Available in a Public Place. (March 2020). Decision Data.

Which of the following describes an evil twin?

-A device infected with malware that an attacker uses to control the device remotely.

What can prevent suspicious packets from entering a company network?

A software firewall runs on the operating system and intercepts packets as they arrive at a computer. A firewall protects all company servers and computers by stopping packets from outside the organization's network that do not meet a strict set of criteria.

What is it called when someone attempts to befriend you online for the purpose of stealing confidential or sensitive information?

A definition of spear-phishing
Spear-phishing is a targeted attempt to steal sensitive information such as account credentials or financial information from a specific victim, often for malicious reasons.

What apps are defined as those you download and run directly on the mobile device?

Native applications and platforms
However, in the context of mobile web apps, the term native app means any application written to work on a specific device platform. The two main mobile OS platforms are Apple's iOS and Google's Android.